+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28)
+--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30)
+--- Thread: CSRF never fails (/showthread.php?tid=81395)
CSRF never fails - Gary - 02-23-2022
Is it just me, or is anyone else experiencing an issue with the CSRF Filter never failing?
Security.php's function verify(RequestInterface $request) has the following line, that for the life of me, I can't get to fail anymore!?
Code:
if (! isset($token, $this->hash) || ! hash_equals($this->hash, $token)) {RE: CSRF never fails - kenjis - 02-23-2022
How do you know the line is the cause?
RE: CSRF never fails - Gary - 02-24-2022
Finger trouble, sorry, wrong line! I'll correct it to make the question more sensible, thanks Kenjis.
That being said, I wasn't implying the line was the cause... it is only the final "deciding" test... so the problem was somewhere in the setting/recovery of the variables in the comparison.
At any rate, although I didn't get to the bottom of it, I changed the code elsewhere to sidestep the problem... so the problem was likely just me.